Staff Engineer – Authentication & Authorization (fmx)

Berlin - Germany

Monthly Salary: Not Disclosed

Posted on: 6 hours ago

Vacancies: 1 Vacancy

Job Summary

Role Mission

As aStaff Engineer for Authentication & Authorization you will define and lead the identity and access strategy across Enpals digital and device ecosystem.

This role is critical to ensuring that:

Millions of device user and service interactions aresecure by design

Our platform scales safely across customers partners installers and internal operations

Identity becomes ashared platform capability not reinvented per team

We meet evolvingcompliance privacy and security requirementswhile maintaining developer velocity

You will operate as both an architect and a hands-on engineer shaping how identity trust and access are implemented across cloud services IoT infrastructure and customer-facing applications

What You Will Do

Define the Identity Architecture

Own theend-to-end authentication and authorization modelacross Enpal systems.

Design scalable identity solutions for:

Customer platforms and mobile/web apps

Internal operational tools and partner integrations

Machine-to-machine and event-driven communication

Establish patterns formulti-tenant identity and access controlacross markets and product lines

Build a Secure-by-Default Platform

Lead implementation of modern protocols (OAuth2 OIDC mTLS SAML where required)

Define standards for:

Fine-grained authorization (RBAC / ABAC / policy-based access)

Secure API access and gateway enforcement

Create reusable libraries SDKs and guardrails that make the secure path the easiest path

Drive Zero-Trust and Cloud-Native Security Practices

Design identity-aware infrastructure aligned with Zero Trust principles

Integrate authentication into our Azure and Kubernetes environments

Secure event-driven systems and messaging infrastructure

Collaborate with security teams on threat modeling and risk reduction

Enable Teams Through Platform Thinking

Provide a shared identity platform used by multiple engineering domains

Reduce duplication by standardizing authentication flows and access decisions

Mentor teams on correct usage patterns and security best practices

Balance strong security guarantees with usability and developer experience

Ensure Compliance Privacy and Auditability

Support GDPR-aligned identity handling and data minimization strategies

Implement traceable authorization decisions and audit logging

Contribute to regulatory and certification readiness

Qualifications :

Qualifications

We are looking for roughly a 50% fit with what we ask. The other 50% is the perspective and strengths you bring

Required Experience

8 years in software engineering including experience designing distributed systems

Proven experience designing or operatingauthentication and authorization systems at scale

Strong background in cloud-native architectures and microservices

Hands-on experience implementing identity protocols such as OAuth2 OIDC or similar.

Experience designing secure service-to-service communication patterns including the ability to translate security requirements into practical engineering solutions

Feel comfortable with: Azure Kubernetes Terraforn

you communicate clearly in English spoken and written. Crisp and concise ways of formulating your ideas and opinions. Knowledge of German is a plus

you are inspired by the energy transition and want to make a difference. We are one of the biggest players in the solar business and want to make this change with you.

you want to participate in a company where empowerment and initiative is valued. We are looking for people who want to grow their personal skills and knowledge take responsibility steer and influence for what they feel is right.

agile and lean values are embodied by you. People over processes. Code over documentation. Reducing waste by building minimum viable products first testing it with real users growing and maintaining solutions as requirements evolve.

Additional Information :

We offer:

The opportunity to shape identity foundations at one of Europes fastest-growing energy companies

A hybrid work model with flexibility between remote work and our Berlin office

A mission-driven environment contributing directly to the energy transition

A culture that values ownership initiative engineering excellence and continuous learning

At Enpal we are proud of the diversity of our team and provide a safe and inclusive workplace for everyone

Remote Work :

Employment Type :

Full-time

Role Mission As aStaff Engineer for Authentication & Authorization you will define and lead the identity and access strategy across Enpals digital and device ecosystem. This role is critical to ensuring that: Millions of device user and service interactions aresecure by design Our platform scales sa...